269 matches found
PT-2025-16401
Name of the Vulnerable Software and Affected Versions: Oracle Commerce Platform versions 11.3.0 through 11.3.2 Description: The issue allows a low-privileged attacker with network access via HTTP to compromise the Oracle Commerce Platform. Successful attacks require human interaction from a perso...
PHPSHE 注入漏洞
PHPSHE is a set of online shopping mall system of China Lingbao Jane Hao Network Technology PHPSHE company. The system supports express tracking, online chat, order evaluation and statistics and other functions. PHPSHE 1.8 version of the existence of injection vulnerability, the vulnerability ste...
CVE-2025-32378
Shopware is an open source e-commerce software platform. Prior to 6.6.10.3 or 6.5.8.17, the default settings for double-opt-in allow for mass unsolicited newsletter sign-ups without confirmation. Default settings are Newsletter: Double Opt-in set to active, Newsletter: Double opt-in for registere...
CVE-2025-32378 Shopware's default newsletter opt-in settings allow for mass sign-up abuse
Shopware is an open source e-commerce software platform. Prior to 6.6.10.3 or 6.5.8.17, the default settings for double-opt-in allow for mass unsolicited newsletter sign-ups without confirmation. Default settings are Newsletter: Double Opt-in set to active, Newsletter: Double opt-in for registere...
CVE-2025-30152 Sylius PayPal Plugin has an Order Manipulation Vulnerability after PayPal Checkout
The Syliud PayPal Plugin is the Sylius Core Team’s plugin for the PayPal Commerce Platform. Prior to 1.6.2, 1.7.2, and 2.0.2, a discovered vulnerability allows users to modify their shopping cart after completing the PayPal Checkout process and payment authorization. If a user initiates a PayPal...
CVE-2025-29788
The Syliud PayPal Plugin is the Sylius Core Team’s plugin for the PayPal Commerce Platform. A vulnerability in versions prior to 1.6.1, 1.7.1, and 2.0.1 allows users to manipulate the final payment amount processed by PayPal. If a user modifies the item quantity in their shopping cart after...
CVE-2025-29788 Sylius PayPal Plugin Payment Amount Manipulation Vulnerability
The Syliud PayPal Plugin is the Sylius Core Team’s plugin for the PayPal Commerce Platform. A vulnerability in versions prior to 1.6.1, 1.7.1, and 2.0.1 allows users to manipulate the final payment amount processed by PayPal. If a user modifies the item quantity in their shopping cart after...
The vulnerability of the software platform for developing and managing Adobe Commerce B2B platforms, related to lack of access control, allows a hacker to bypass existing security restrictions and gain unauthorized access to protected information.
The vulnerability of the software platform for developing and managing Adobe Commerce B2B is related to lack of access control. Exploiting this vulnerability could allow a malicious actor to bypass existing security restrictions and gain unauthorized access to protected information...
zz 安全漏洞
zz is an e-commerce platform for zj1983 individual developers. A security vulnerability exists in zz 2024-8 and prior versions that stems from improper authorization...
Mini-Tmall 跨站脚本漏洞
Mini-Tmall is Mini-Tmall open source Spring Boot based on a comprehensive B2C e-commerce platform . Used to build an e-commerce platform to provide commodity trading services. A cross-site scripting vulnerability exists in Mini-Tmall 20250211 and previous versions. Attackers can use the...
zz 注入漏洞
zz is an e-commerce platform for zj1983 individual developers. An injection vulnerability exists in zz 2024-8 and prior versions, which stems from SQL injection and could lead to remote code execution...
zz 注入漏洞
zz is an e-commerce platform for zj1983 individual developers. An injection vulnerability exists in zz 2024-8 and prior versions, which stems from SQL injection and could lead to remote code execution...
zz 注入漏洞
zz is an e-commerce platform for zj1983 individual developers. An injection vulnerability exists in zz 2024-08 and prior versions, which stems from SQL injection and could lead to remote code execution...
zz 代码问题漏洞
zz is an e-commerce platform for zj1983 individual developers. A code issue vulnerability exists in zz 2024-8 and prior versions, which stems from unrestricted file uploads and could lead to remote code execution...
zz 注入漏洞
zz is an e-commerce platform for zj1983 individual developers. An injection vulnerability exists in zz 2024-8 and prior versions, which stems from SQL injection and could lead to remote code execution...
SAP Commerce 跨站请求伪造漏洞
SAP Commerce is a suite of cloud-based e-commerce platforms from Germany's SAP. It supports sales management, marketing management, order management and operations management. A cross-site request forgery vulnerability exists in SAP Commerce, which stems from a misconfiguration that can lead to...
SQL Injection Vulnerability in UFIDA NC of UFIDA Network Technology Co.
UFIDA NC is a large erp enterprise management system and e-commerce platform. A SQL injection vulnerability exists in UFIDA NC, which can be exploited by attackers to obtain sensitive database information...
SAP Commerce 信息泄露漏洞
SAP Commerce is a set of cloud-based e-commerce platforms from Germany's SAP. It supports sales management, marketing management, order management, and operations management. An information disclosure vulnerability exists in SAP Commerce that stems from the ability to recognize valid accounts...
CVE-2024-42357 Shopware vulnerable to blind SQL-injection in DAL aggregations
Shopware is an open commerce platform. Prior to versions 6.6.5.1 and 6.5.8.13, the Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by this function can be aggregated using the...
CVE-2024-42356 Shopware vulnerable to Server Side Template Injection in Twig using Context functions
Shopware is an open commerce platform. Prior to versions 6.6.5.1 and 6.5.8.13, the context variable is injected into almost any Twig Template and allows to access to current language, currency information. The context object allows also to switch for a short time the scope of the Context as a...